pom文件
ependencygroupidcom.auth0/groupidartifactidjava-jwt/artifactidversion3.5.0/version/dependency生成token
import com.Alibaba.fast JSON.JSON; import com.auth0.jwt.JWT; import com.auth0. jwt.jwt verifier; import com.auth0. jwt.algorithms.algorithm; import com.demo.entity.Role; import java.time.LocalDateTime; import java.util.Date; import java.util.HashMap; import java.util.Map;/* * @ author admin */publicclasstokenutil {/* * * token过期日期*/privatestaticfinallongexpire _ time=60 * 60 * 1000; /** * token私钥*/privatestaticfinalstringtoken _ secret=' secret ';/* * *生成token*/,经过30分钟* * @param username用户名* @param loginTime登录时间* @return生成的token*/publicstaticstringsign (string username local datetime log intime,rolerole({try ) /设置过期日期datedate=new date (system.currene ) //私钥和加密算法algorithm algorithm=algorithm.hmac 256 (token _ secret ); //设置头部信息MapString,选择objectheader=newHashmap(3; header.put('type ',' Jwt ' ); header.put('alg ),' HS256 ); //token字符串returnjwt.create(.withheader ) header )//要加载到设置token的用户信息. withclaim('loginname ', username ).withclaime ) )的loginTime.toString (().withclaim )、JSON.tojsonstring )、role ).withexpiresat ) don 返回空值; }/* * *验证token是否正确* * @需要param token验证token * @return验证是否成功*/publicstaticbooleanverify (string token ) jtverifierverifier=jwt.require (algorithm ).build ); verifier.verify(Token ); 返回真; }catch(exceptione ) { return false; 阻击器
import com.Alibaba.fast JSON.JSON; import lombok.extern.slf4j.slf4j; importorg.Apache.com mons.lang3. string utils; import com.demo.util.JsonResult; import com.demo.util.TokenUtil; importorg.spring framework.stereotype.com ponent; importorg.spring framework.web.servlet.handler interceptor; import javax.servlet.http.http servlet request; import javax.servlet.http.http无servlet轮询; /** * @author admin */@ component @ sl F4 jpublicclasstokeninterceptorimplementshandlerinterceptor { @ overridepublicbooleanprehandle (http serevlet req e、object handler (throws exception { stringrequestmethod=' options ' ); 请求方法,请求方法(if ) (request.set status ) http servlet response.sc _ oonse } string token=request.get header (authorization ); string utils.is not blank (token ) (if ) token util.verify (token ) ) { return true; } response.setcharacterencoding (utf-8 ); response.set content type (application/JSON; charset=utf-8 '; response.setstatus(401; jsonresultjsonresult=JSON result.fail message (“认证失败”,401 ); response.getWriter ().append (JSON.tojsonstring ) ) JSONresult ); 返回假; }监听白名单设置
importorg.spring framework.stereotype.com ponent; importorg.spring framework.web.servlet.config.annotation.interceptor registry; importorg.spring framework.web.servlet.config.annotation.webmvcconfigurer; import java.util.ArrayList; import java.util.List;/* * @ author admin */@ componentpublicclassintercepterconfigimplementswebmvcconfigurer { privatetokeninterceptortokenintent 构建方法publicintercepterconfig (tokeninterceptortokeninterceptor ) this.token interceptor=token interceptor; } @ overridepublicvoidaddinterceptors (interceptorregistryregistry ) liststringexcludepath=new ArrayList; 登录//Excludepath.add(/system/* ); registry.add interceptor (token interceptor ).addpath patterns/* * ' ).excludepathpatterns ) excludepath ); //除登录接口外,所有接口都需要token验证webmvcconfigurer.super.add interceptors (registry )。 }